ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mouse YOLO Factory

Generate simulated scratch defects, run YOLO model inference with auto-labeling, and merge mouse product defect image datasets with version control.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 34 · 0 current installs · 0 all-time installs
by@Dwysbd
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code files implement scratch generation, YOLO inference (auto-labeling), and dataset merging, which aligns with the skill description. However the SKILL.md uses absolute Windows paths (D:/aiagent/aiagent_for_Mouse_Python_code/...) and the code itself creates a hard-coded RAG DB directory at D:/aiagent/rag_database — these hard-coded paths are not declared in metadata and may not match where the skill will be run.
!
Instruction Scope
SKILL.md instructs running scripts via absolute paths on D:, implying the agent or user should store/execute code there; the runtime code writes detection logs (JSONL) to a hard-coded local RAG path and writes/creates dataset folders and labels. While this is expected for dataset tooling, the instructions give no warning about these file writes and assume a Windows D: layout — this is scope creep relative to a simple 'run model' description and could overwrite or create files in unexpected locations.
Install Mechanism
There is no install spec (instruction-only + code files bundled). However the Python code depends on heavy native libraries (ultralytics, torch, torchvision, cv2/opencv, numpy, pandas) which are not declared. Users may attempt to run the scripts without these dependencies; installing them can be non-trivial and may require compiling native code. Absence of dependency declarations is an operational risk but not necessarily malicious.
!
Credentials
The skill requests no environment variables or credentials (which is good), but it writes logs to and creates directories under a hard-coded path (D:/aiagent/rag_database) and uses file-system locations for datasets. The skill does not declare these required config paths in metadata. There's no network exfiltration code, but local log files may include detection summaries — review these if they may contain sensitive image identifiers.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or global agent configuration. Its persistence is limited to creating directories and writing files (datasets, labels, and a local RAG JSONL log) within the file system; this is expected for dataset tooling.
What to consider before installing
What to check before installing or running: - The code implements the stated features, but the SKILL.md commands and some internal paths are hard-coded to D:/... — make sure you understand and relocate those paths to directories you control before running. - The scripts expect heavy Python dependencies (torch, ultralytics, torchvision, opencv, pandas, numpy). The skill metadata does not declare these — install them in a controlled environment (preferably a virtualenv or container). - The inference script writes detection logs to D:/aiagent/rag_database/detection_logs.jsonl and writes output images/labels into dataset folders. Inspect the logs if they may contain sensitive filenames or metadata. - Run the code first in an isolated environment (container or VM) and review/modify the hard-coded paths and any file-write locations. Search the code for any other absolute paths before trusting it with production data. - If you need tighter guarantees, ask the publisher to: remove hard-coded paths, declare required dependencies, and document exactly what files will be created/modified and where. - Confidence is medium: nothing in the code indicates network exfiltration or obfuscated/malicious behavior, but the path assumptions and missing dependency declarations are implementation issues that could lead to accidental data exposure or file overwrites.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9766ft3016az9fjnn33a26xh1834xhc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

mouse-yolo-factory

這是一個專為老鼠 (Mouse) 產品瑕疵檢測開發的 YOLO 整合技能。支援瑕疵影像生成、自動化模型推論標記,以及資料集的合併與版本管理。

Metadata

  • id: mouse-yolo-factory
  • kind: package
  • label: Mouse YOLO Factory
  • owner: Alex Ho

Usage

1. 瑕疵生成 (Scratch Generation)

在原始影像上模擬生成劃傷 (Scratch) 瑕疵。 python D:/aiagent/aiagent_for_Mouse_Python_code/Mouse_produce_scratch.py --input <input_dir> --output <output_dir>

2. 模型推論與自動標記 (Auto-Labeling)

使用現有模型進行推論,並將結果儲存為 JSON/YOLO 格式。 python D:/aiagent/aiagent_for_Mouse_Python_code/drawbox_and_dataset_savejson_with_model.py --model <model_path> --img_size <size> --conf <threshold> --source <img_path>

3. 資料集合併與融合 (Dataset Merge)

將新標記好的資料併入全域資料庫。 python D:/aiagent/aiagent_for_Mouse_Python_code/datatool.py --new_data <new_path> --yolo_db <db_root> --desc <description>

Use when

  • 使用者想要透過演算法在老鼠圖片上「產生」、「模擬」或「製作」劃傷瑕疵時。
  • 使用者需要使用現有的 YOLO 模型對新圖片進行「推論」、「預標記」或「自動框選」時。
  • 使用者提到「合併資料」、「融合數據集」、「建立新版本」或「將新資料歸檔」時。

Don't use when

  • 進行硬體自動化測試(如 ADB 或 PLC 控制)時。
  • 僅需進行單純的文件移動或重新命名,不涉及資料集邏輯時。

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…